Massive data breaches affecting global companies like Sony, Neiman-Marcus and Target have solidified the unsettling fact that even huge mega companies cannot always prevent compromises in customer and company data.
According to the Ponemon Institute, these companies will likely be joined by thousands of other businesses experiencing data breaches that will cost them millions of dollars to address the lawsuits and revenue loss triggered by these breaches.
What measures are experts recommending businesses take to prevent compromises in data security?
1. ALLOCATE MORE BUDGET FUNDS TO PROTECTING INFORMATION.
Unfortunately, those prodigious security breaches suffered by Sony et al may have been preventable if CEOs had invested in more effective security software. Tying company objectives to the financial ramifications of not properly protecting data will highlight the need for increased or continued budget for robust security monitoring software. Executives must understand that investing millions of dollars in security software is a small price to pay compared to hundreds of millions of dollars that might be needed to reverse and address a breach.
2. PRIORITIZE CUSTOMER AND COMPANY DATA.
Establishing a viable information classification software program that methodically ranks sensitive data saved in organizational networks can enhance protection of high-priority information like patents, manufacturing procedures and classified formulas. According to William Dean, Director of Computer Forensics and Security Assessment for Sword and Shield Enterprise Security, "One of the more complex things for companies to do is implement a data classification system, primarily because executives dislike ranking one department's data as more important than another’s.”
3. DEVELOP AND STRICTLY ENFORCE SECURITY POLICIES.
Although most businesses establish policies that describe how employees may or may not use company networks as well as penalties for ignoring these policies, industry experts say that companies unwittingly choose to delegate too much time creating meticulously worded disclaimers and penalties that exonerate them of any responsibility for employee misconduct. Business should instead concentrate on developing rules that rigorously support the management of sensitive data. For example, an enhanced policy with strict guidelines on user privileges and password usage when accessing certain types of data would be beneficial.
The 2013 Verizon Data Breach Investigations Report states that over 75 percent of security breaches involve passwords that are weak and easy for hackers to identify. Providing educational seminars to employees for the purpose of emphasizing the importance of adhering to policies and what could happen to them personally if they engaged in lax security practices (stolen social security numbers, for example) is strongly suggested to help prevent security breaches from damaging a company's reputation and financial standing.
In general, more directed budget, prioritization of different types of company and customer data and rigorous development and enforcement of data security policies should be goals of C-level executives regardless of company size. Any investment in more effective data security measures will far outweigh the cost of a data breach.
We love you guys! Everything is going great.
Wow! This Chrome River is great. Word has spread [in our firm] and people that were not invited to be in the pilot group rollout have asked to be included!